From c14b353a29c292a53f228a87c0d57cd18940e8e7 Mon Sep 17 00:00:00 2001
From: shadow750d6 <124365938+shadow750d6@users.noreply.github.com>
Date: Thu, 9 Feb 2023 13:20:16 +0800
Subject: [PATCH 1/4] Fix parse hysteria UDP message
---
 transport/hysteria/protocol.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/transport/hysteria/protocol.go b/transport/hysteria/protocol.go
index aa2eab30..beed65a3 100644
--- a/transport/hysteria/protocol.go
+++ b/transport/hysteria/protocol.go
@@ -293,6 +293,10 @@ func ParseUDPMessage(packet []byte) (message UDPMessage, err error) {
 if err != nil {
 return
 }
+ if 6+int(hostLen) > len(packet) {
+ err = E.New("invalid host length")
+ return
+ }
 message.Host = string(packet[6 : 6+hostLen])
 err = binary.Read(reader, binary.BigEndian, &message.Port)
 if err != nil {
From 9db3cb5cb7fdfe10a0447a5fb27c6eadccdc9267 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=B8=96=E7=95=8C?=
Date: Thu, 9 Feb 2023 13:26:31 +0800
Subject: [PATCH 2/4] Update scripts
---
 release/config/postinstall.sh | 2 +-
 release/config/postremove.sh | 2 +-
 release/local/install.sh | 1 +
 release/local/install_go.sh | 2 +-
 release/local/uninstall.sh | 1 +
 5 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/release/config/postinstall.sh b/release/config/postinstall.sh
index a1fa18b1..0fb0f05f 100755
--- a/release/config/postinstall.sh
+++ b/release/config/postinstall.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
-mkdir "/var/lib/sing-box"
\ No newline at end of file
+mkdir -p /var/lib/sing-box
\ No newline at end of file
diff --git a/release/config/postremove.sh b/release/config/postremove.sh
index fd2cdd87..00fff784 100755
--- a/release/config/postremove.sh
+++ b/release/config/postremove.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
-rm -rf "/var/lib/sing-box"
\ No newline at end of file
+rm -rf /var/lib/sing-box
\ No newline at end of file
diff --git a/release/local/install.sh b/release/local/install.sh
index 24e9d006..4d5b9e1b 100755
--- a/release/local/install.sh
+++ b/release/local/install.sh
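Review bot: The guard and the slice below it compute the end offset in two different forms, `6+int(hostLen)` in the check and `6+hostLen` in `packet[6 : 6+hostLen]`, so the slice is only safe while both expressions agree. hostLen's declaration is outside this hunk; if it is a narrow unsigned type, the second sum is evaluated in that type and could wrap for very large values, a case the int comparison only rejects as long as the packet itself is shorter than the wrapped range. Computing the offset once with `hostEnd := 6 + int(hostLen)`, then `if hostEnd > len(packet) {` and `message.Host = string(packet[6:hostEnd])`, keeps the two in step, and a comment such as `// packet is untrusted network input; an out-of-range slice would panic` records why the check exists. A regression test that feeds ParseUDPMessage a packet whose declared host length exceeds the remaining bytes would pin the fix. ParseUDPMessage starts and continues outside the hunk, so any later length fields could not be reviewed here.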
@@ -14,6 +14,7 @@ go install -v -trimpath -ldflags "-s -w -buildid=" -tags with_quic,with_wireguar
 popd
 sudo cp $(go env GOPATH)/bin/sing-box /usr/local/bin/
+sudo mkdir -p /var/lib/sing-box
 sudo mkdir -p /usr/local/etc/sing-box
 sudo cp $PROJECT/release/config/config.json /usr/local/etc/sing-box/config.json
 sudo cp $DIR/sing-box.service /etc/systemd/system
diff --git a/release/local/install_go.sh b/release/local/install_go.sh
index dea6b47e..b01b9817 100755
--- a/release/local/install_go.sh
+++ b/release/local/install_go.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e -o pipefail
-curl -Lo go.tar.gz https://go.dev/dl/go1.19.3.linux-amd64.tar.gz
+curl -Lo go.tar.gz https://go.dev/dl/go1.20.linux-amd64.tar.gz
 sudo rm -rf /usr/local/go
 sudo tar -C /usr/local -xzf go.tar.gz
 rm go.tar.gz
\ No newline at end of file
diff --git a/release/local/uninstall.sh b/release/local/uninstall.sh
index 11fa930a..d40107ba 100755
--- a/release/local/uninstall.sh
+++ b/release/local/uninstall.sh
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 sudo systemctl stop sing-box
+sudo rm -rf /var/lib/sing-box
 sudo rm -rf /usr/local/bin/sing-box
 sudo rm -rf /usr/local/etc/sing-box
 sudo rm -rf /etc/systemd/system/sing-box.service
From 4833f6d5db987c5976ac66715d35b5d767d4b486 Mon Sep 17 00:00:00 2001
From: Gavin Luo
Date: Thu, 9 Feb 2023 13:30:43 +0800
Subject: [PATCH 3/4] Fix systemd service caps for process sniffing
---
 release/config/sing-box.service | 4 ++--
 release/config/sing-box@.service | 4 ++--
 release/local/sing-box.service | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/release/config/sing-box.service b/release/config/sing-box.service
index 707efe5d..16ca0a32 100644
--- a/release/config/sing-box.service
+++ b/release/config/sing-box.service
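Review bot: In release/local/install_go.sh the tarball fetched by the changed `curl` line is unpacked as root by `sudo tar -C /usr/local -xzf go.tar.gz` without any integrity check, so the script trusts whatever the download returns. Since the pinned version is edited here anyway, pin the published SHA-256 alongside it and verify before extraction, for example `echo "<GO_TARBALL_SHA256>  go.tar.gz" | sha256sum -c -` placed before the `sudo rm -rf /usr/local/go` line; the placeholder stands for the checksum published for that release. With `set -e` already active, a mismatch stops the script before the existing toolchain is removed. Using `curl -fLo` would also make an HTTP error fail the script instead of saving an error page as go.tar.gz.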
@@ -5,8 +5,8 @@ After=network.target nss-lookup.target
 [Service]
 WorkingDirectory=/var/lib/sing-box
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 ExecStart=/usr/bin/sing-box run -c /etc/sing-box/config.json
 Restart=on-failure
 RestartSec=10s
diff --git a/release/config/sing-box@.service b/release/config/sing-box@.service
index d6292a04..44925767 100644
--- a/release/config/sing-box@.service
+++ b/release/config/sing-box@.service
@@ -5,8 +5,8 @@ After=network.target nss-lookup.target
 [Service]
 WorkingDirectory=/var/lib/sing-box-%i
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 ExecStart=/usr/bin/sing-box run -c /etc/sing-box/%i.json
 Restart=on-failure
 RestartSec=10s
diff --git a/release/local/sing-box.service b/release/local/sing-box.service
index 94fce13d..2ea74bf1 100644
--- a/release/local/sing-box.service
+++ b/release/local/sing-box.service
@@ -5,8 +5,8 @@ After=network.target nss-lookup.target
 [Service]
 WorkingDirectory=/var/lib/sing-box
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
 ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
 Restart=on-failure
 RestartSec=10s
From d611db7567d5b5e95613e5106af448a6a5a0d52a Mon Sep 17 00:00:00 2001
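Review bot: CAP_SYS_PTRACE and CAP_DAC_READ_SEARCH are added to both `CapabilityBoundingSet=` and `AmbientCapabilities=` unconditionally in release/config/sing-box.service, so every installation gets them whether or not process sniffing is configured; the hunks for release/config/sing-box@.service and release/local/sing-box.service do the same. These capabilities let the service inspect other processes and bypass file read and directory search permission checks, which widens what a flaw in a network-facing parser could reach. Consider a comment above the two lines, for example `# CAP_SYS_PTRACE CAP_DAC_READ_SEARCH: only needed for process sniffing; remove if unused`, or shipping the extra capabilities as an optional drop-in rather than in the default unit. The [Service] section continues outside each hunk, so whether User= or other sandboxing options are set could not be checked.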
From: =?UTF-8?q?=E4=B8=96=E7=95=8C?=
Date: Thu, 9 Feb 2023 17:17:36 +0800
Subject: [PATCH 4/4] Add renovate config
---
 .github/renovate.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/renovate.json
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 00000000..06154037
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,11 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "commitMessagePrefix": "[dependencies]",
+ "extends": [
+ "config:base",
+ ":disableRateLimiting"
+ ],
+ "baseBranches": ["dev-next"],
+ "enabledManagers": ["github-actions"],
+ "groupName": "github-actions"
+}
\ No newline at end of file
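Review bot: Nothing in this configuration asks Renovate to pin actions to commit digests, although `github-actions` is the only enabled manager, so workflow references may stay on mutable tags. Adding the `helpers:pinGitHubActionDigests` preset to the `extends` array would turn each update into a reviewable digest change. With `:disableRateLimiting` and a single `groupName`, all action bumps arrive together in one pull request, so each grouped update needs a careful look at every action it touches.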